Re: [CentOS] centos 6.3, cron and mail script output
Le ven. 23 nov. 2012 10:42:19 CET, Philippe Naudin a écrit: > ... > rsync ...options... 2>&1 > LOGFILE > echo -e "finished pushing to the backup \n$LOGFILE" Nonsense, sorry. If the output is short, you can do : LOGS=$(rsync ... 2>&1) echo -e "finished pushing to the backup \n$LOGS" I you expect longer output : rsync ...options... 2>&1 > LOGFILE echo -e "finished pushing to the backup" cat LOGFILE -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 6.3, cron and mail script output
Le ven. 23 nov. 2012 10:52:50 CET, Mihamina Rakotomandimby a écrit: > Hi all > > I have a '/etc/cron.daily/push-to-backup' script which the content is: > >#!/bin/bash >/usr/bin/rsync [... long options line ...] >echo "finished pushing to the backup" > > Launched manually, it's OK. > > Waiting for cron to execute it, > In the "/var/log/cron", I see the starting time and the finish time, and > I see it take about 10 minutes to make the job. That's very fine, it's > the expected executioon time > ... Compare the execution time to the timeout option of your smtp server. I don't know about exim, but on my postfix I added : smtpd_timeout = 30m Another possibility is to "spool" the mail, something like : rsync ...options... 2>&1 > LOGFILE echo -e "finished pushing to the backup \n$LOGFILE" hth, -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] NTP server problem behind firewall
Le lun. 03 sept. 2012 13:15:41 CEST, Leonard den Ottolander a écrit: > On Sun, 2012-09-02 at 07:46 +, Artifex Maximus wrote: > > Any idea what is wrong? > > The iptables rules you specify only allow clients from your local > network access to your "proxy" ntp server. However, you do not specify > any rules for eth1 to allow that ntp server to synchronise with the > remote servers it is using. So unless you are using a local time source > that might be your problem. I don't think this is the problem : the firewall accept everything in the output chain, and established/related in input : my ntp server works fine with the same rules (123/tcp is indeed useless). For me, the problem is not ntp+iptables, or it should appears in /var/log/messages, thanks to the -j LOG. There can be something wrong in ntp.conf (but this is probably not the case since it works without firewall), in the firewall (for example, if it blocks DNS requests), or in the network configuration. Regards, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cut command behaviour - bug or feature
Le mer. 29 août 2012 01:44:48 CEST, Rajagopal Swaminathan a écrit: > Greetings, > > On Wed, Aug 29, 2012 at 1:36 AM, wrote: > > > > I've never been that good with cut. I'm going to see the author, Dave > > Ihnat this weekend, who sometimes shows up here... but in the meantime, > > you might use > > awk 'BEGIN {FS=",";}{print $2 "," $3 "," $1;}' infile > > > > I tried it on an xp box with GnuWin32 binaries. It barked some error > showing the single quote. > > I will try on a centos box later (which I am silently injecting > [installing] into that env after handwaving the xp). You can also try with bash : while IFS="," read A B C ; do echo "$B,$C,$A" ; done < infile Regards, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SELinux : please explain ...
Hello, This is somehow off-topic, since the problem appears on a modified CentOS-6.2 (turned into a xen-4.1 host) : I get SELinux errors, and I'm not able to understand them. >From audit2why : type=AVC msg=audit(1343724164.898:298772): avc: denied { mac_admin } for pid=12399 comm="restore" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2 ... and from audit2allow : #= unconfined_t == allow unconfined_t self:capability2 mac_admin; I don't know what triggers these records in /var/log/audit (everything seems to work). Running retorecon -rv / doesn't produce any error. Can someone tell me what is the mac_admin functionnality, and if it is safe to allow it ? If I understand correctly what I have found by googling around, it is not advised. Thanks, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] yum install, and exit status
Hello, IIRC, the exit status of "yum install foo bar" was (long ago !) 0 only if foo *and* bar could be installed. Nowadays, it is 0 if foo *or* bar (or both) are correctly installed. Is there a way to get the old behavior ? Thanks, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog.conf - why the "-" in this entry? mail.* -/var/log/maillog
Le mar. 05 juin 2012 17:06:32 CEST, Leonard den Ottolander a écrit: > Hello James, > > On Tue, 2012-06-05 at 10:30 -0400, James B. Byrne wrote: > > In dealing with an unrelated issue I came across this in rsyslog.conf. > > > > # The authpriv file has restricted access. > > authpriv.* /var/log/secure > > # Log all the mail messages in one place. > > mail.* -/var/log/maillog > > # Log cron stuff > > cron.* /var/log/cron > > > > Why is there a "-" before /var/log/maillog? > > Better question than it appears at first glance ;) . Nothing in man > rsyslog.conf on C6, but on C5 man syslog.conf it says under "ACTIONS", > "Regular File": > > "You may prefix each entry with the minus ‘‘-’’ sign to omit syncing the > file after every logging. Note that you might lose information if the > system crashes right behind a write attempt. Nevertheless this might > give you back some performance, especially if you run programs that use > logging in a very verbose manner." > > Now whether that minus is still supported under C6 I can't tell you :) . It seems this is no more necessary. From http://www.rsyslog.com/doc/v3compatibility.html : "In rsyslog v3, syncing has been turned off by default." OTOH, it doesn't hurt do let the minus sign in place. -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsyslog.conf - why the "-" in this entry? mail.* -/var/log/maillog
Le mar. 05 juin 2012 10:30:25 CEST, James B. Byrne a écrit: > In dealing with an unrelated issue I came across this in rsyslog.conf. > > # The authpriv file has restricted access. > authpriv.* /var/log/secure > # Log all the mail messages in one place. > mail.* -/var/log/maillog > # Log cron stuff > cron.* /var/log/cron > > Why is there a "-" before /var/log/maillog? This character is not > present before any of the other log files specified in > /etc/rsyslog.conf. It means that writing to this logfile is not followed by a sync. -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] gnome / gdm mess
Hello, My first attempt to install Gnome is not a bright success. If I boot in runlevel 5, using gdm, I get the login screen, but after login I get sometimes only the root window (no icons, no toolbar, no menu, nothing but keyboard shortcuts), sometimes the icons are here but not the toolbars... If I use startx from runlevel 3, everything is fine. As I don't know Gnome, I have very probably messed something during install (CentOS-6, x86_64, using uptodate netinstall iso, starting from Minimal Desktop). But I have no clue about where to look, or how to debug it. Can someone point me to some useful doc ? P.S. I'm surprised to see gdm and X running on tty1 (in runlevel 5, not 3). Is it correct ? Thanks for your help, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] support for Broadcom BCM4313
Le ven. 25 mai 2012 13:45:27 CEST, Akemi Yagi a écrit: > On Fri, May 25, 2012 at 7:45 AM, Philippe Naudin > wrote: > > Le ven. 25 mai 2012 09:42:14 CEST, Phil Schaffner a écrit: > > >> Check http://elrepo.org/tiki/kmod-compat-wireless to see if it supports > >> your hardware with the standard kernel. > > > > Phil, Earl, > > > > Thanks for pointing me to elrepo : yes, the kmod-compat-wireless page > > lists brcmsmac.ko. > > > > If someone else find this mail while wanting to use its bcm4313 > > adapter : > > rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm > > download the firmware from > > http://git.kernel.org/?p=linux/kernel/git/firmware/ > > tar xzf linux-firmware-*.tar.gz > > mv linux-firmware-*/brcm/ /lib/firmware/ > > restorecon -rv /lib/firmware > > depmod -a : modprobe brcmsmac > > ... and it works. > > Philippe, > > Thank you for the note. The kmod-compat-wireless wiki page has been > updated using your lines as an example for installation. Oh. After re-reading my post, I found a couple of mistakes : - the actual URL for the firmware is http://git.kernel.org/?p=linux/kernel/git/firmware/linux-firmware.git;a=commit;h=e4379d14549cd9b29988cf3c5b74b29d2051dd09 - and the ";" turned ":" in "depmod -a ; modprobe brcmsmac" Sorry for the inconvenience, and a lot of thanks for your job ! -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] support for Broadcom BCM4313
Le ven. 25 mai 2012 09:42:14 CEST, Phil Schaffner a écrit: > Philippe Naudin wrote on 05/25/2012 08:39 AM: > > Hello, > > > > The support for Broadcom Corporation BCM4313 802.11b/g/n Wireless is > > native in the kernel since 2.6.37 (module brcm80211, renamed brcmsmac > > since 2.6.39). > > > > But is it backported to some kernel available for CentOS ? > > > > Thanks, > > > > Check http://elrepo.org/tiki/kmod-compat-wireless to see if it supports > your hardware with the standard kernel. Phil, Earl, Thanks for pointing me to elrepo : yes, the kmod-compat-wireless page lists brcmsmac.ko. If someone else find this mail while wanting to use its bcm4313 adapter : rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm download the firmware from http://git.kernel.org/?p=linux/kernel/git/firmware/ tar xzf linux-firmware-*.tar.gz mv linux-firmware-*/brcm/ /lib/firmware/ restorecon -rv /lib/firmware depmod -a : modprobe brcmsmac ... and it works. Thanks again, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] support for Broadcom BCM4313
Hello, The support for Broadcom Corporation BCM4313 802.11b/g/n Wireless is native in the kernel since 2.6.37 (module brcm80211, renamed brcmsmac since 2.6.39). But is it backported to some kernel available for CentOS ? Thanks, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] restorecon and sudo
Hello, On CentOS-6.2, these two commands (on the same machine) give me different results : # restorecon -r /var/www/html/Centos/ # (as root) $ sudo restorecon -r /var/www/html/Centos/ # (as an unprivileged user) /var/www/html/Centos/ is a symlink to /mnt/packages/Centos/ In the first case, I get : # ls -Z /var/www/html/Centos/ drwxr-xr-x. naudin biom system_u:object_r:httpd_sys_content_t 6 and in the second case : $ ls -Z /var/www/html/Centos/ drwxr-xr-x. naudin biom system_u:object_r:unlabeled_t:s0 6 Is this the expected behavior, or is there something I have missed ? -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LibreOffice rpm's vs Centos testing repo
Le ven. 20 avril 2012 19:24:37 CEST, Ljubomir Ljubojevic a écrit: > On 03/19/2012 11:28 AM, Philippe Naudin wrote: > > I am also using a meta-package to ease installation of "official" > > *Office. It is far from perfect, because it don't work if I just do > > yum update openoffice, I have to uninstall openoffice* ooobasis* and > > then install again openoffice (or libreoffice now). > > > > So : me too ;) > > (I am interested to hear about a better way to install official > > LibreOffice...) > > > > My srpms for meta-package are here: > http://rpms.plnet.rs/plnet-centos5-srpms/RPMS.plnet-compiled/ > > but my rpms also have problems with removing openoffice. Thanks Ljubomir, The problem occurs only when removing openoffice (like in "yum remove"), or also when updating it ? If it happens only when removing (and this is normal IMHO), it's already a big progress in comparison with my previous attempts. Cheers, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] 6.2 - How to check for a failed disk using LVM with a hardware RAID (3ware)
Le jeu. 05 avril 2012 08:38:39 CEST, Jonathan Vomacka a écrit: > CentOS Community, > > What commands can I use to check the disk health of the system when LVM2 > is being used on top of a RAID 10 using a HARDWARE 3ware raid card. The > OS sees a hardware raid usually as one big drive. Is there a way to > check the disks individually to see if any are failing, or throwing hard > or scsi transport errors? You can try : man smartctl smartd can access individual disks behind (supported) RAID controllers. -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] LibreOffice rpm's vs Centos testing repo
Le lun. 19 mars 2012 09:50:21 CET, n...@li.nux.ro a écrit: > ... > I see this trend a lot, to make repos out of official rpms (at least > Ljubomir is also doing it). Maybe it's worth doing this on a bigger scale. > Care to share what exactly you are doing? Are you using any "meta" packages? One interest in using "official" RPMs, from OpenOffice or LibreOffice, is their limited set of dependencies. They don't require gnome, and this makes a big difference on headless, soundless machines. I am also using a meta-package to ease installation of "official" *Office. It is far from perfect, because it don't work if I just do yum update openoffice, I have to uninstall openoffice* ooobasis* and then install again openoffice (or libreoffice now). So : me too ;) (I am interested to hear about a better way to install official LibreOffice...) -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mkswap, lvm and bootbits sectors
Le mer. 14 mars 2012 18:14:31 CET, Peter Kjellström a écrit: > On Wednesday 14 March 2012 11.50.37 Philippe Naudin wrote: > > Thanks all for your answers. > > > > Actually, my problem concern lvm, not mkswap. > > No, afaict there's nothing wrong with your lvm. The only problem I see is > that > mkswap prints our an incorrect or at least pointless warning. > > I can confirm that mkswap on an lv on one of my test machines also says > "warning: don't erase bootbits...". It also says this when running against a > file full of zeroes... > > Regarding fdisks complaints about "doesn't contain a valid partition > table...", this is normal (and may be considered a bug in the "-l" option, it > could have excluded lvm-devices from its list...). > > If you want to get to the bottom of this I suspect the easiest way is to look > at the mkswap source code (under which circumstances it prints that message). Ahh, perfect, thanks a lot. These bugs^W features of fdisk and mkswap were absent of CentOS-5 : I was lost, wondering what can be my mistakes. Thanks again, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mkswap, lvm and bootbits sectors
Le mer. 14 mars 2012 09:08:46 CET, Peter Kjellström a écrit: > On Tuesday 13 March 2012 13.20.01 m.r...@5-cent.us wrote: > > Peter Kjellström wrote: > > > On Tuesday 13 March 2012 13.41.53 Philippe Naudin wrote: > > >> Hello, > > >> > > >> I am confused by a warning from mkswap : > > >> > > >> When making a swap on a LVM volume, I see the following warning : > > >> mkswap: /dev/vg_SDB1/swap_test6_64: warning: don't erase bootbits > ... > > > > Are you making swap from a logical partition, or a swapfile? If the > > former, perhaps recreating the partition might help. > > Don't confuse the poor guy. 1) yes he's doing mkswap on an lv which was > obvious had you read the post 2) an lv does not have a partition table so > your > statement about recreating it makes no sense. Thanks all for your answers. Actually, my problem concern lvm, not mkswap. I don't know yet if I have completely messed with vgcreate/lvcreate or if what I get is due to some difference between CentOS-5 and CentOS-6, but all my logical volumes seem to appear as distinct disks. On a CentOS-6 machine : $ lvcreate -L 10M --name try_lvcreate --zero=y VolGroup Rounding up size to full physical extent 12.00 MiB Logical volume "try_lvcreate" created $ fdisk -l Disk /dev/mapper/VolGroup-try_lvcreate: 12 MB, 12582912 bytes 255 heads, 63 sectors/track, 1 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x Disk /dev/mapper/VolGroup-try_lvcreate doesn't contain a valid partition table $ mkswap /dev/mapper/VolGroup-try_lvcreate mkswap: /dev/mapper/VolGroup-try_lvcreate: warning: don't erase bootbits sectors on whole disk. Use -f to force. Setting up swapspace version 1, size = 12284 KiB no label, UUID=be229ca5-bcb9-4116-87fc-8878abb44742 The same commands on a CentOS-5 machine give me a completely different output. Can you guess where I have messed, or is this behavior correct on CentOS-6 ? Thanks, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] mkswap, lvm and bootbits sectors
Hello, I am confused by a warning from mkswap : When making a swap on a LVM volume, I see the following warning : mkswap: /dev/vg_SDB1/swap_test6_64: warning: don't erase bootbits sectors on whole disk. Use -f to force. Setting up swapspace version 1, size = 1048572 KiB Is it safe to use mkswap -f in this case ? (If that matters, the swap is intended for a virtual machine, and the host where I am using mkswap is a CentOS-6 server.) Thanks, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] confidence in partitioning tool (6.2)
Le mar 31 jan 2012 07:14:25 CET, John Doe a écrit: > From: Marko Vojinovic > > > On Tuesday 31 January 2012 05:34:21 Larry Martell wrote: > >> I can't even defrag the disk without admin rights :-( > >> I'm going to make one more push to get admin, and if not, just go > >> ahead and install CentOS and see what happens. > > Beware that resizing a Windows partition which has not been defrag'ed > > is a Bad Idea, and works only if you are lucky enough that Windows > > didn't use the end-portion of the partition. Maybe it will work on a > > freshly > > installed and not-ever-seriously-used Windows, but it's a gamble. > > I do not think that Windows basic defragging tool still moves all files bits > to the > begining of the partition... It believe it just puts the bits of the same > file in a > sequential order (maybe also put directories entries at the beginning?) and > that's it. Other defrag utilities might do it though. > I would check with a "disk mapper" that displays files location on a disk > graphically (I think there is maybe one in the sysinternal tools)... Windows defrag doesn't "compact" the FileSystem ; ntfsresize does if necessary. Larry should have a look at "man ntfsresize" : http://linux.die.net/man/8/ntfsresize -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] confidence in partitioning tool (6.2)
Le mar 31 jan 2012 05:34:21 CET, Larry Martell a écrit: > ... > I can't even defrag the disk without admin rights :-( > > I'm going to make one more push to get admin, and if not, just go > ahead and install CentOS and see what happens. You can check if there is enough available disk space without defragmenting, with ntfsresize : ntfsresize -i /dev/sda1 # or whatever is your ntfs partition ntfsresize -n --size /dev/sda1 These two commands only show/test what can be done, without changing anything on the disk. If you feel ready for the change : fdisk -l /dev/sda # and keep a copy of the output ntfsresize --size /dev/sda1 # this time without -n fdisk /dev/sda Delete the old sda1 and recreate it with the same start and a size at least sufficient to hold the resized ntfs. Don't forget to change the type of the partition, and activate it. ntfsresize -fi /dev/sda1 If it reports any problem, undo what has been done with fdisk. Restart Windows and let it do its FS check. This has worked for me, but as always : ymmv, be careful. -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] lm_sensors
Le mar 31 jan 2012 05:33:33 CET, Fajar Priyanto a écrit: > Hi all :) > Using lm_sensors, I can see few temperature indicator. > > M/B Temp:+39°C (low = +15°C, high = +40°C) sensor = thermistor > CPU Temp:+33°C (low = +15°C, high = +45°C) sensor = thermistor > Temp3: +53°C (low = +15°C, high = +45°C) sensor = diode > > What is that Temp3? It's the hottest. > Which one is the best to use if I want to use lm_sensor as a general > indicator of my server room temperature? > (my request to buy a Mini Goose temperature monitor is still pending). I use the temperature of the UPS : $ upsc onduleurgeneral...@onduleur.lasb ups.temperature 023.0 (http://www.networkupstools.org/) I have checked : it is a quite correct, if heavy, thermometer ! -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Having problems with sudoers
Le mer 25 jan 2012 08:09:50 CET, Steve Campbell a écrit: > ... > I'm trying to enable the user "apache" to have the ability to run an > executable from a web page. One of the common solutions is to do the > following: > > Defaults:apache !requiretty > apacheALL = NOPASSWD:/program.name > > also tried: > > Defaults!requiretty > Defaultsvisiblepw > > Anyone have a suggestion? I've got to research the tty stuff for now to > ensure there is one available, but beyond that, I'm stumped. Have you checked (grep sudo /var/log/secure) that the user and the command are exactly what you have in /etc/sudoers ? And how is your SELinux ? This works for me in /etc/sudoers : Defaultsrequiretty User_Alias TARTUFFE=naudin Defaults:TARTUFFE !requiretty -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] URL pour les logiciels du campus
https://www1.montpellier.inra.fr/intranet/intracampus/logiciels/consult/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SELinux and rsh+xauth
Hello, I have a strange (for me) problem with these two machines : - Client, a CentOS-5.7 workstation ; - Server, a CentOS-6.2 headless, up-to-date server. >From Client, I want to use xauth on Server with the help of rsh (yes, I know, ssh and all this sort of things... another time.) When SELinux is in permissive mode on Server, all these commands perform as expected : rsh Server /usr/bin/xauth info rsh Server /usr/bin/xauth list xauth nextract - Client:0.0 | rsh Server /usr/bin/xauth nmerge - But when SELinux is in enforcing mode on Server, the commands fail with this message : bash: /usr/bin/xauth: Permission denied and /var/log/audit/audit.log shows the following errors : type=SELINUX_ERR msg=audit(1326381080.364:610): security_compute_sid: invalid context system_u:system_r:xauth_t:s0-s0:c0.c1023 for scontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process type=AVC msg=audit(1326381080.364:610): avc: denied { write } for pid=3487 comm="xauth" path="pipe:[21744]" dev=pipefs ino=21744 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rshd_t:s0-s0:c0.c1023 tclass=fifo_file type=AVC msg=audit(1326381080.369:611): avc: denied { getattr } for pid=3487 comm="xauth" path="socket:[21700]" dev=sockfs ino=21700 scontext=system_u:system_r:xauth_t:s0-s0:c0.c1023 tcontext=system_u:system_r:inetd_t:s0-s0:c0.c1023 tclass=tcp_socket The output from audit2allow is here : $ grep AVC /var/log/audit/audit.log | audit2allow libsepol.context_from_record: invalid security context: "system_u:system_r:xauth_t:s0-s0:c0.c1023" libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:system_r:xauth_t:s0-s0:c0.c1023 to sid (these 4 lines are repeated 2 times) On Server, after creating a new authority file (with rsh again, while Server is in permissive mode), I find : $ ls -Z .Xauthority -rw---. naudin biom system_u:object_r:xauth_home_t:s0 .Xauthority I don't have this problem on a CentOS-5.7 server with the same configuration. Any idea (other than ssh) on how to solve it ? Thanks, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux and access across 'similar types'
Le ven 06 jan 2012 04:21:14 CET, Bennett Haselton a écrit: > On 1/6/2012 4:11 AM, Philippe Naudin wrote: > > Le ven 06 jan 2012 02:41:02 CET, Bennett Haselton a écrit: > > > >> On 1/6/2012 2:24 AM, Philippe Naudin wrote: > >>> Apache running as "init_t" is a call for troubles. > >> Is it? OK, any idea what caused that and how to fix it? > > No, sorry. Your httpd comes from CentOS ? > Yes > > Afaik, you should not have any process running in context init_t except > > init itself. If "ps awuxZ | grep [i]nit_t" returns more than only init > > and httpd, your problem is likely to be more complicated than a broken > > configuration of apache. > > I've got a few... > > [root@g6950-21025 ~]# ps auwxZ | grep init_t > system_u:system_r:init_troot 1 0.6 0.0 10368 712 > ?Ss 04:17 0:00 init [3] > > system_u:system_r:init_troot 537 0.2 0.1 13728 1976 > ?S system_u:system_r:init_troot 1684 0.0 0.0 38880 456 > ?Ssl 04:18 0:00 brcm_iscsiuio > system_u:system_r:init_troot 1690 0.0 0.0 12152 476 > ?Ss 04:18 0:00 iscsid > system_u:system_r:init_troot 1691 0.0 0.4 12648 4460 > ?S system_u:system_r:init_tdbus 2081 0.0 0.1 31520 1144 > ?Ssl 04:18 0:00 dbus-daemon --system > system_u:system_r:init_troot 2215 0.0 0.1 52372 1492 > ?Ssl 04:18 0:00 automount > system_u:system_r:init_troot 2254 0.0 0.1 62656 1212 > ?Ss 04:18 0:00 /usr/sbin/sshd > system_u:system_r:init_tntp 2273 0.0 0.4 23412 5044 > ?SLs 04:18 0:00 ntpd -u ntp:ntp -p /var > /run/ntpd.pid -g > system_u:system_r:init_troot 2287 0.1 1.0 253312 10580 > ?Ss 04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_tapache2315 0.3 1.3 259488 13376 > ?S04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_tapache2316 0.0 1.0 257436 11124 > ?S04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_tapache2317 0.1 1.1 257436 11288 > ?S04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_tapache2318 0.1 1.1 257436 11292 > ?S04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_tapache2319 0.0 1.0 256720 10504 > ?S04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_tapache2320 0.1 1.0 257436 10752 > ?S04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_tapache2321 0.0 1.1 257436 11272 > ?S04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_tapache2322 0.1 1.1 257436 11356 > ?S04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_troot 2386 0.0 0.0 3812 492 > tty1 Ss+ 04:18 0:00 /sbin/mingetty tty1 > system_u:system_r:init_troot 2387 0.0 0.0 3812 488 > tty2 Ss+ 04:18 0:00 /sbin/mingetty tty2 > system_u:system_r:init_troot 2390 0.0 0.0 3812 488 > tty3 Ss+ 04:18 0:00 /sbin/mingetty tty3 > system_u:system_r:init_troot 2392 0.0 0.0 3812 492 > tty4 Ss+ 04:18 0:00 /sbin/mingetty tty4 > system_u:system_r:init_troot 2394 0.0 0.0 3812 488 > tty5 Ss+ 04:18 0:00 /sbin/mingetty tty5 > system_u:system_r:init_troot 2397 0.0 0.0 3812 488 > tty6 Ss+ 04:18 0:00 /sbin/mingetty tty6 > system_u:system_r:init_tapache2405 0.1 1.0 256412 11008 > ?S04:18 0:00 /usr/sbin/httpd > system_u:system_r:init_troot 2406 0.3 0.3 90156 3456 > ?Ss 04:18 0:00 sshd: root@pts/0 > root:system_r:initrc_t:SystemLow-SystemHigh root 2458 0.0 0.0 61176 768 > pts/0 S+ 04:18 0:00 grep init_t > > > > I also found at least one file (the audit.log file) which has file type > file_t, even though I thought the filesystem had been re-labeled > successfully because /var/www/html/robots.txt had the correct type: > > [root@g6950-21025 ~]# ls -lZ /var/www/html/robots.txt > -rw-rw-rw- root root system_u:object_r:httpd_sys_content_t > /var/www/html/robots.txt > [root@g6950-21025 ~]# ls -lZ /var/log/audit/audit.log > -rw--- root root system_u:object_r:file_t > /var/log/audit/audit.log > > > Any idea (1) what could be causing that and (2) whether it could be > related to the problem with all those init_t processes? It's easy : your init process is broken, all these daemons but init are mis-labeled, so all the files they create (such as log files) are mis-labeled. And if the next question is "how to fix it ?", the answer is easy too : "I don't have any clue..." Sorry, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux and access across 'similar types'
Le ven 06 jan 2012 02:41:02 CET, Bennett Haselton a écrit: > On 1/6/2012 2:24 AM, Philippe Naudin wrote: > > Apache running as "init_t" is a call for troubles. > Is it? OK, any idea what caused that and how to fix it? No, sorry. Your httpd comes from CentOS ? Afaik, you should not have any process running in context init_t except init itself. If "ps awuxZ | grep [i]nit_t" returns more than only init and httpd, your problem is likely to be more complicated than a broken configuration of apache. If only httpd is concerned, check "ls -Z /usr/sbin/httpd" : -rwxr-xr-x root root system_u:object_r:httpd_exec_t /usr/sbin/httpd and try eventually "yum reinstall httpd" ... -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux and access across 'similar types'
Le ven 06 jan 2012 02:00:27 CET, Bennett Haselton a écrit: > On 1/5/2012 1:36 PM, Bennett Haselton wrote: > ... > OK, notwithstanding the fact that the filesystem on the above machine > needs to be re-labeled and I don't know why that's failing -- > > I have another CentOS 5.7 machine where I've enabled SELinux (permissive > mode) and relabeled the filesystem and it actually worked, so that the > above commands are now giving the expected outputs: > > [root@g6950-21025 ~]# ps awuxZ | grep httpd | head -n 3 > system_u:system_r:init_troot 2302 0.0 1.0 253056 10576 > ?Ss 00:12 0:00 /usr/sbin/httpd > system_u:system_r:init_tapache4201 0.1 2.0 274804 20968 > ?S01:26 0:02 /usr/sbin/httpd > system_u:system_r:init_tapache4392 0.2 1.2 257308 12512 > ?S01:39 0:01 /usr/sbin/httpd Apache running as "init_t" is a call for troubles. $ ps awuxZ | grep [a]pache system_u:system_r:httpd_t apache ... /usr/sbin/httpd > [root@g6950-21025 ~]# ls -lZ /var/www/html/robots.txt > -rw-rw-rw- root root system_u:object_r:httpd_sys_content_t > /var/www/html/robots.txt This is correct. -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CR repo - version issue
Le mer 14 déc 2011 12:17:36 CET, Philip Manuel a écrit: > > > On 12/14/2011 12:07 PM, Johnny Hughes wrote: > > On 12/13/2011 06:54 PM, Philip Manuel wrote: > >> > >> On 12/14/2011 11:49 AM, Johnny Hughes wrote: > >> > > You do have i686 packages on that machine ... that is what the error you > > posted is. > > > > create (or edit( a file called: > > > > /root/.rpmmacros > > > > put this in the that file as the top line: > > > > %_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch} > > > > Then do the command: > > > > rpm -qa | grep i[3,6]86 > > > > That should show you the i686 packages that are installed on the machine. > > > cat /etc/rpm/macros.zomojo > # Zomojo global rpm macros > %org_tag .zmj > %dist .el6 > %rhel 6 > %zmj_bjam_flags '-j 4' > %packager Zomojo > %_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch} > rpm -qa | grep i[3,6]86 > :~# > > Nothing other than x86_64 packages Maybe also, in the case there is something broken in the yum database : yum list installed '*i[3456]86' -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Backup Redux
Le jeu 08 déc 2011 09:43:21 CET, Les Mikesell a écrit: > On Thu, Dec 8, 2011 at 8:53 AM, Alan McKay wrote: > > > > Here is my situation : we have pretty much all Sun hardware with a Sun > > StorageTek SL24 tape unit backing it all up. OSes are a combination of > > RHEL and CentOS. The software we are using is EMC > > > > NetWorker Management Console version 3.5.1.Build.269 > > based on NetWorker version 7.5.1.Build.269 > > > > The pickle we are in right now is that this software is Java based, and > > stops working at a very specific release of JRE (1.6.26 or something like > > that). > > That sounds like something that can/should be fixed. > > > > > I am familiar with BackupPC and will look at the other recommendations > > above. I think that Bacula and Amanda are sort of the drop-in replacements > > for what we have now so I'll look at them most closely. But if I do have > > to carry forward with our own backups I'd ideally like to get out of the > > tape game - never liked tapes. > > If you want mostly-online backups with perhaps an occasional tar > archive, it will be hard to beat backuppc because of it's storage > pooling and ability to run over rsync or smb with no remote agents. > For all-tape, I'd probably go with amanda because of its ability > juggle the full/incremental mix automatically to fit the available > tape size. I haven't used bacula but it looks like it might be good > if you want a mix of online and tape storage and can deal with the > agent installs. In this last scenario, dar (http://dar.linux.free.fr/doc/Features.html) works just fine and don't need any remote agent. It is also at least as fast as Bacula at restore time, provided the "catalogue" is ready. -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] yum with a proxy
Le mer 07 déc 2011 09:12:24 CET, Johnny Hughes a écrit: > On 12/07/2011 09:03 AM, Philippe Naudin wrote: > > Hello, > > > > While yum is configured to use a proxy, like this : > > [base] > > name=CentOS-$releasever - Base > > > > mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os > > #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ > > gpgcheck=1 > > gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 > > proxy=http://proxy.lasb:3128 > > > > it still make some attempts to connect directly to Internet (tcp 80). > > These attempts are denied and logged by the firewall. > > > > If I comment out the line mirrorlist= and uncomment the line > > baseurl= then there is no more direct connexion to Internet. > > (N.B. : in both cases, yum works well despite the access denied.) > > > > I have tried to add a line proxy= to fastestmirror.conf, but it > > doesn't change anything. I can't put proxy= in /etc/yum.conf > > because I also have a local repo. > > > > Any idea on how to avoid these connexion to Internet ? > > fastestmirror is designed to make direct connections to remote sites, > time them, and then pick the fastest mirror from that machine to a > specific mirror. If your machine can not connect directly to the > external mirror, it is going to cause issues. > > It works ok through most transparent proxies (though, the connection > times are going to be to the proxy, and all the same and very low, and > not valid for the purpose of fastest mirror) ... it does not work with > proxies that require a password or non port 80 proxies. > > If you have a web proxy, you will most likely need to not use fastest > mirror. Thanks for your answer : indeed, adding enabled=0 to fastestmirror.conf solves the problem. -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] yum with a proxy
Hello, While yum is configured to use a proxy, like this : [base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 proxy=http://proxy.lasb:3128 it still make some attempts to connect directly to Internet (tcp 80). These attempts are denied and logged by the firewall. If I comment out the line mirrorlist= and uncomment the line baseurl= then there is no more direct connexion to Internet. (N.B. : in both cases, yum works well despite the access denied.) I have tried to add a line proxy= to fastestmirror.conf, but it doesn't change anything. I can't put proxy= in /etc/yum.conf because I also have a local repo. Any idea on how to avoid these connexion to Internet ? TIA, -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-5.7 + megaraid + SELinux : update problem
Hello, After updating to CentOS-5.7, I have a (small) problem : The context of /dev/megadev0 is now defined (in /etc/selinux/targeted/contexts/files/file_contexts) as system_u:object_r:removable_device_t:s0. This cause smartmontools to fail : avc: denied { read write } for pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file Changing the context (of megadev0) to fixed_disk_device_t solves the problem, but is this the best solution ? Thanks, -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] read failed after messages of non existing harddisks
Le ven 28 oct 2011 14:08:50 CEST, Götz Reinicke a écrit: > Hi, > > some time ago I removed some physical disks from a server and now I'm > still getting dmesg messages like: > > sd 0:2:2:0: SCSI error: return code = 0x00040001 > end_request: I/O error, dev sdc, sector 0 > > And all lvm tools still grumbel about that disks too: > > /dev/sdb: read failed after 0 of 4096 at 0: Eingabe-/Ausgabefehler > /dev/sdb: read failed after 0 of 4096 at 1746969493504: > Eingabe-/Ausgabefehler > > > How may I tell the lvm and the system, that it is ok that this disk do > not exist any more? If a software RAID has been removed, don't forget : mdadm --misc --zero-superblock /dev/sdX where sdX is every disk that was part of the RAID. -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] rsync -x does not do the same on EL 5.6 and 5.7
Le jeu 08 sep 2011 08:32:20 CEST, Simon Matter a écrit: > Hi, > > We re doing backups of all filesystems to a dedicated server using "rsync > -x". Now, the latest CentOS versions (5.7/6.x) come with rsync-3.0.6 > instead of rsync-2.x. That's nice but unfortunately it doesn't do the same > as 2.x in certain situations. > > The problem is with the -x option, which does not delete content under a > mount point anymore. It was my impression that this is a bug, but I've > been told it's a feature. The problem has shown up after I have added a > new mount point on a server. > > I've added a BZ for RedHat and also posted to the rsync list as below: > > https://bugzilla.redhat.com/show_bug.cgi?id=735981 > > https://lists.samba.org/archive/rsync/2011-September/026766.html > > Am I really the only one having problems with the new behaviour? It > affects all user running "rsync -x". The problem only shows up after new > mount points have been added to a subdirectory which is processed by rsync > -x. That may be the reason why not many people relize it. Still, I don't > see the logic behind the change which is why I take this here to hear what > others think. This is not the only difference between rsync-2.x and 3.x. We are doing rsync -azX --delete-after etc... and it fails with rsync-3. On the server (still running rsync-2), /var/log/secure shows the difference (sorry for the long lines). >From a rsync-2 client, we receive : Sep 7 12:35:01 lasbHOME scponly[6166]: running: /usr/bin/rsync --server -lXogDtprz --delete --delete-after etc... >From a rsync-3 client, it turns to : Sep 7 20:35:01 lasbHOME scponly[12764]: option 'e' or a related long option is not permitted for use with /usr/bin/rsync (arg was .is) Sep 7 20:35:01 lasbHOME scponly[12764]: requested command (/usr/bin/rsync --server -logDtpXrze.is --delete-after etc...) tried to use disallowed argument As I don't have the time to make more trials, I simply downgraded to rsync-2. -- Philippe Naudin UMR MISTEA : Mathématiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, bâtiment 29 - 2 place Viala - 34060 Montpellier cedex 2 tél: 04.99.61.26.34, fax: 04.99.61.29.03, mél: nau...@supagro.inra.fr ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] mounting an ext3 filesystem "-o ro"
Le lun 29 aoû 2011 15:23:12 CEST, Hakan Koseoglu a écrit: > On 29 August 2011 15:18, Philippe Naudin > wrote: > > Hi, > > > > I want to do something *bad* : to mount an already mounted ext3 > > partition. > Use a clustering file system (i.e., ocfs2) instead. I need to learn more about it before, but you are right that it's definitely better to use an appropriate tool. > > This recovery is probably triggered by the file /.autofsck, but I > > have not found how to get rid of this feature. Is there a way to > > read an ext3 filesystem, completely disabling recovery and any > > write operation ? > Mounting in ext2 will ignore the journalling but not recommended. In > any case you won't be able to mount a dirty ext3 filesystem as ext2. It works ! I can use tune2fs to check that the filesystem seems OK and then mount it as an ext2 filesystem. Thanks a lot ! -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] mounting an ext3 filesystem "-o ro"
Hi, I want to do something *bad* : to mount an already mounted ext3 partition. Mounting "-o bind" is not an option, this partition is mounted by different virtual machines. NFS is the right way to go, so I want another one :-) I have no problem mounting this partition read-only, but it seems that actually it is not really read-only. From /var/log/messages : Aug 29 11:26:43 xen02 kernel: EXT3-fs: INFO: recovery required on readonly filesystem. Aug 29 11:26:43 xen02 kernel: EXT3-fs: write access will be enabled during recovery. Aug 29 11:26:43 xen02 kernel: kjournald starting. Commit interval 5 seconds Aug 29 11:26:43 xen02 kernel: EXT3-fs: recovery complete. Aug 29 11:26:43 xen02 kernel: EXT3-fs: mounted filesystem with ordered data mode. This recovery is probably triggered by the file /.autofsck, but I have not found how to get rid of this feature. Is there a way to read an ext3 filesystem, completely disabling recovery and any write operation ? Thanks, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Not receiving root mail
Le lun 22 aoû 2011 14:29:29 CEST, Anne Wilson a écrit: > ... > Aug 22 14:02:12 borg postfix/smtp[2071]: B4693A377C: to=, > relay=mailhost.zen.co.uk[212.23.3.98]:25, delay=0.43, > delays=0.09/0.02/0.15/0.18, dsn=5.0.0, status=bounced (host > mailhost.zen.co.uk[212.23.3.98] said: 550-Verification failed for > 550-Unrouteable address 550 Envelope Sender: Domain must > resolve in DNS! (in reply to RCPT TO command)) > ... I think you also need to rewrite your envelop address. I had the same problem years ago, so the way to solve it has probably changed, hopefully not too much : - edit (create if necessary) /etc/postfix/sender_cannonical a...@borg.xxx.lan some.addr...@some.real.server.for.the.bounces - edit main.cf : sender_canonical_maps = hash:/etc/postfix/sender_cannonical - rehash /etc/postfix/sender_cannonical and reload postfix Good luck, -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] the tag Obsoletes: in spec files
Le mer 01 jun 2011 11:37:15 CEST, lo...@lagendijk.xs4all.nl a écrit: > > Hello Philippe, > > > > On Tue, 2011-05-31 at 16:27 +0200, Philippe Naudin wrote: > >> Here is what I have tried : > >> Provides: tetex = %{version} > >> Obsoletes: tetex < %{version} > >> > >> But it doesn't help, yum is ready to install texlive but doesn't > >> remove tetex. > > > > Not sure if the Obsoletes tag actually works as intended or expected, > > but these version tests are odd. Unless tetex and texlive use the same > > version numbers you are testing the wrong version number, and also why > > the '<'? Try this without the version test, just > > > > Provides: tetex > > Obsoletes: tetex > > > >From what I recall from the Fedora packaging guidelines, your need to > provide a tetex-a.b-c where c is one higher than the currently latest > existing version. This however works only as long as no new Tetex versions > appear. For a situation where you want to override a living package in the > distrubution I don't see how an obsoletes could reliably work. A conflict > sounds less tricky to me. [ a few tests later ... ] It is not possible to use Provides: tetex without a version number, because : coreutils conflicts tetex < 1.0.7-66 Using : Provides: tetex = %{version} Obsoletes: tetex doesn't make any change, rpm install texlive without removing tetex. I have also tried Conflicts: but it doesn't work : Provides: tetex = %{version} Conflicts: tetex < %{version} --> Running transaction check ---> Package texlive.x86_64 0:20110312-0phn set to be updated ---> Package texlive-fontsextra.noarch 0:20110312-0phn set to be updated ---> Package texlive-texmf.noarch 0:20110312-0phn set to be updated --> Processing Conflict: texlive conflicts tetex < 20110312 The version of tetex is : $ rpm -q --qf '%{epoch}-%{version}-%{release}\n' tetex (none)-3.0-33.8.el5_5.6 and texlive : (none)-20110312-0phn so, if I understand correctly, the tetex provided by texlive should be "newer" than the real tetex ? -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] the tag Obsoletes: in spec files
Le mar 31 mai 2011 19:26:35 CEST, Ljubomir Ljubojevic a écrit: > ... > Something is obviously wrong, and does not work like it should. I gave > up and just removed old version and installed new one. Well, I think you are right : Obsoletes doesn't work, or at least need more documentation about how it works. I followed suggestions from John and Gordon (thanks !) and tried : yum clean yum -v install texlive-20110312-0phn.x86_64.rpm \ texlive-texmf-20110312-0phn.noarch.rpm \ texlive-fontsextra-20110312-0phn.noarch.rpm \ 2>&1 | tee yum.log but grep -Ei '(obsolete|tetex)' yum.log shows only some i386 tetex packages that are excluded by my yum.conf (exclude=*.i?86). The following is no more related to Obsoletes : I tried to install texlive then uninstall tetex despite they both use the same directories to store their packages, and it worked (no need to --force or whatever) ; rpm -V don't find anything to worry about. Because there is a lot of %post scripts in texlive (to configure what have been installed), I want to run again these scripts after removing tetex. I can do a yum reinstall, but my texlive is close to 500 Mb : is there a way to run the scripts without downloading anything ? -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] the tag Obsoletes: in spec files
Le mar 31 mai 2011 15:31:17 CEST, Simon Matter a écrit: > > How exactly to use the tag "Obsoletes:" in a spec file ? > > > > I need to offer texlive to users on Centos-5.6, so I packaged it (based > > on a Mandriva src.rpm), and that works. > > > > But I want rpm to *replace* tetex by texlive, instead of just adding > > texlive, when users do a : > > $ yum install texlive > > (we have a local repo here). > > > > So I added this line in texlive.spec : > > Obsoletes: tetex > > Does your package provide tetex? If not, use > > Provides: tetex Hello John and Simon, And thanks for your answers ! Here is what I have tried : Provides: tetex = %{version} Obsoletes: tetex < %{version} But it doesn't help, yum is ready to install texlive but doesn't remove tetex. tetex is required by : $ rpm -q --whatrequires tetex tetex-latex-3.0-33.8.el5_5.6 jadetex-3.12-15.el5 texinfo-tex-4.8-14.el5 jadetex and tetex-latex are also obsoleted/provided in the same way than tetex, and texinfo-tex is happy working with texlive. Other suggestions ? -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] the tag Obsoletes: in spec files
How exactly to use the tag "Obsoletes:" in a spec file ? I need to offer texlive to users on Centos-5.6, so I packaged it (based on a Mandriva src.rpm), and that works. But I want rpm to *replace* tetex by texlive, instead of just adding texlive, when users do a : $ yum install texlive (we have a local repo here). So I added this line in texlive.spec : Obsoletes: tetex and of course I rebuilt the package, and (of course) that just don't work, despite tetex is listed among the Obsoleted packages : $ rpm -qp --obsoletes texlive-20110312-0phn.x86_64.rpm dvi2tty <= 5.3.1 jadetex kpathsea <= 20100722 kpathsea-devel <= 20100722 kpathsea-static-devel <= 20100722 pdfjam <= 1.21 ps2eps <= 1.64 tetex tetex-context tetex-devel tetex-dvipdfm tetex-dvips tetex-dvilj tetex-latex tetex-mfwin tetex-texi2html tetex-usrlocal tetex-xdvi etc... (tetex is the CentOS one : tetex-3.0-33.8.el5_5.6) Can someone explain me why this fails, and eventually an other way to solve this problem ? Thanks, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] since CentOS 5.6 upgrade, squid crashes
Le mer 04 mai 2011 15:03:06 CEST, Laurent CREPET a écrit: > [root@stargate ~]# logrotate -d -v -f /etc/logrotate.d/squid > [snip ] > So, logrotating squid logs by hand works. Now, when logrotate is started from > /etc/cron.daily/logrotate, it processes more log files. It has consequences > on system load and disk space. Here are my last ideas. Not sure it is working : logrotate -d is debug mode, it actually does nothing. You have to try again without -d to check if it works. Don't forget to check the content of /var/log/squid/ (file size, date and time) for the result. -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] since CentOS 5.6 upgrade, squid crashes
Le mer 04 mai 2011 12:48:39 CEST, Laurent CREPET a écrit: > [...] > However, since: > - my settings have not been modified recently > - logrorate and squid packages have not been updated by CentOS 5.6 (see below) > ...an issue with glibc ? Squid and logrotate work just fine here : $ rpm -q squid logrotate squid-2.6.STABLE21-6.el5 logrotate-3.7.4-9.el5_5.2 $ ls -l /var/log/squid/ total 92624 -rw--- 1 squid squid 43709603 mai 4 13:08 access.log -rw--- 1 squid squid 9424047 mai 1 04:02 access.log.1.gz -rw--- 1 squid squid 9751039 avr 24 04:02 access.log.2.gz -rw--- 1 squid squid 10745924 avr 17 04:02 access.log.3.gz -rw--- 1 squid squid 11373152 avr 10 04:02 access.log.4.gz -rw--- 1 squid squid 9620745 avr 3 04:02 access.log.5.gz -rw-r- 1 squid squid 2794 mai 4 11:58 cache.log -rw-r- 1 squid squid 2503 mai 1 04:02 cache.log.1.gz -rw-r- 1 squid squid 1580 avr 24 04:02 cache.log.2.gz -rw-r- 1 squid squid 1881 avr 17 04:02 cache.log.3.gz -rw-r- 1 squid squid 1591 avr 10 04:02 cache.log.4.gz -rw-r- 1 squid squid 2772 avr 3 04:02 cache.log.5.gz -rw-r--r-- 1 squid squid 511 nov 26 09:13 squid.out Have you double checked that your problem is not a permission problem, or some SELinux issue ? You can also try, as root : $ logrotate -d -v -f /etc/logrotate.d/squid # and without -d $ squid -k rotate $ ls -lZ /var/log/squid/ to see if there is any error message. HTH, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] updating libvorbis
Le mar 26 avr 2011 04:34:58 CEST, Johnny Hughes a écrit: > CentOS, Red Hat and Fedora use an NEVR model > (Name-Epoch-Version-Release) for version control. > > This command shows that libvorbis has an epoch of 1: > > [root@m4500 ~]# rpm -q --qf '%{epoch}\n' libvorbis > 1 > > The default Epoch, if undefined, is (none) ... or 0. > > You need to set the epoch in your spec file to at least 1 to make it > newer than the installed libvorbis. > > See this link to read about epoch: > > http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/ch-specfile-syntax.html Thanks a lot for this explanation, and for the URL : it is exactly what I needed. -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] updating libvorbis
[ replying to myself ] Le mar 26 avr 2011 11:20:44 CEST, Philippe Naudin a écrit: > ... > Who knows how to make rpm understand than 1.2.3 is newer than 1.1.2 ? > I have tried : > %define name libvorbis > Name: %{name} > Provides: %{name} = %{version}-%{release} > Obsoletes:%{name} < %{version}-%{release} > and the same thing for %{name}-devel, but without any success. Got it : I had to add (ahem) Epoch: 1 but I don't understand exactly how this "Epoch" stuff works. Any pointer to some reading about spec files ? Thanks, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] updating libvorbis
Hello, On a machine with CentOS-5.6, I need libvorbis >= 1.2, so I have recompiled and packaged libvorbis. But I get the following error : $ rpm -U /usr/src/redhat/RPMS/x86_64/libvorbis-1.2.3-phn.1.x86_64.rpm /usr/src/redhat/RPMS/x86_64/libvorbis-devel-1.2.3-phn.1.x86_64.rpm package libvorbis-1.1.2-3.el5_4.4.x86_64 (which is newer than libvorbis-1.2.3-phn.1.x86_64) is already installed package libvorbis-devel-1.1.2-3.el5_4.4.x86_64 (which is newer than libvorbis-devel-1.2.3-phn.1.x86_64) is already installed Who knows how to make rpm understand than 1.2.3 is newer than 1.1.2 ? I have tried : %define name libvorbis Name: %{name} Provides: %{name} = %{version}-%{release} Obsoletes: %{name} < %{version}-%{release} and the same thing for %{name}-devel, but without any success. "Yum update" also fails, with the following error : Examining /usr/src/redhat/RPMS/x86_64/libvorbis-1.2.3-phn.1.x86_64.rpm: libvorbis-1.2.3-phn.1.x86_64 /usr/src/redhat/RPMS/x86_64/libvorbis-1.2.3-phn.1.x86_64.rpm: does not update installed package. Examining /usr/src/redhat/RPMS/x86_64/libvorbis-devel-1.2.3-phn.1.x86_64.rpm: libvorbis-devel-1.2.3-phn.1.x86_64 /usr/src/redhat/RPMS/x86_64/libvorbis-devel-1.2.3-phn.1.x86_64.rpm: does not update installed package. No Packages marked for Update Can someone help me ? Thanks, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Epel and yum downgrade : possible ?
Le mar 08 mar 2011 22:04:27 CET, Nico Kadel-Garcia a écrit: > On Tue, Mar 8, 2011 at 11:59 AM, Ned Slider wrote: > > On 08/03/11 16:55, Ned Slider wrote: > >> On 08/03/11 15:53, Philippe Naudin wrote: > >>> Hello, > >>> > >>> Is it possible to downgrade to an old version of a package on epel ? I > >>> am in troubles with the new dokuwiki-0-0.6.20101107.a.el5, and cannot > >>> find dokuwiki-0-0.4.20091225.c.el5.noarch... > >>> > >>> Thanks, > >>> > >> > >> You will need to install the "yum-allowdowngrade" package if it's not > >> already installed to allow yum to do this. > >> > >> Then simply run: > >> > >> yum downgrade dokuwiki > >> > >> which should downgrade to the previously available version > >> > > > > Replying to myself... I neglected to mention this relies on the > > repository keeping old versions available for you to "downgrade" to. > > Which EPEL does not do. So in general, no, it's not feasible to > downgrade EPEL packages. > Thanks Ned and Nico. Yes, "yum downgrade dokuwiki" says there is nothing available. I can rebuild version 20091225.c from dokuwiki.org, but I don't know if there where any patches added by Epel, and this is likely. My guess is the source rpm for Epel was the same as the source rpm for Fedora, so I am going to try this one. I will be more careful with packages coming from other repos than CentOS... Thanks again, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Epel and yum downgrade : possible ?
Hello, Is it possible to downgrade to an old version of a package on epel ? I am in troubles with the new dokuwiki-0-0.6.20101107.a.el5, and cannot find dokuwiki-0-0.4.20091225.c.el5.noarch... Thanks, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Basic Bash Script Question
Le lun 21 fév 2011 10:31:38 CET, James Bensley a écrit: > I'm stuck trying to work this one out and my Google skills are > apparently lacking today. > > This is a test bash script; > > #!/bin/bash > > do something | tee a.log > > if [ $? -ne 0]; then > echo broken > fi What about : { do something ; RETCODE=$? ; } | tee somefile echo $RETCODE -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] internet connection tester script
Le ven 28 jan 2011 03:28:22 CET, kellyremo a écrit: > [ ... ] > $ while $TORF; do ping -W 1 -c 1 bix.hu >& /dev/null && ping > -W 1 -c 1 www.yahoo.com >& /dev/null && TORF=false || > TORF=true; done > $ > > It just doesn't work. > > Goal: if theres no internet connection, then the oneliner must loop until > there is internet connection. if theres internet connection the oneliner ends. > > what am i missing? try : until ping -W 1 -c 1 bix.hu || ping -W 1 -c 1 www.yahoo.com ; do sleep 5 done >& /dev/null Note that ping -W 1 is crazy. -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] disk quotas + centos 5,5 +xfs
Le lun 17 jan 2011 18:15:34 CET, aurfal...@gmail.com a écrit: > Hi all, > > is any one aware quotas not working in 5,5? > > I'm using XFS as a file system. > > My fstab has the appropriate usrquota,grpquota but when I try to run; > quotacheck -cug /foo > > I get; > > quotacheck: Can't find filesystem to check or filesystem not mounted > with quota option. Same thing here. Try : $ repquota -sav -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux : semodule_package, magic number does not match
Le lun 17 jan 2011 14:32:22 CET, Daniel J Walsh a écrit: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 01/17/2011 08:25 AM, Philippe Naudin wrote: > > Hello, > > > > I am trying to create a custom policy, but with no succes : > > > > $ cat < foo.te > > module local 1.0; > > > > require { > > type httpd_sys_script_exec_t; > > type httpd_sys_script_t; > > class lnk_file read; > > } > > > > #= httpd_sys_script_t == > > allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read; > > EOF > > > > $ checkmodule -M -m -o foo.mod foo.te > > checkmodule: loading policy configuration from foo.te > > checkmodule: policy configuration loaded > > checkmodule: writing binary representation (version 6) to foo.mod > > > > $ semodule_package -o foo.pp -m foo.mod > > $ echo $? > > 0 > > # So far, so good. But : > > > > $ checkmodule -b foo.pp > > checkmodule: loading policy configuration from foo.pp > > libsepol.policydb_read: policydb magic number 0xf97cff8f does not match > > expected magic number 0xf97cff8c or 0xf97cff8d > > checkmodule: error(s) encountered while parsing configuration > > # And trying to "semodule -i foo.pp" fails completely. > > > Wrong command. > > semodule -i foo.pp Yes, I have tried this one too : $ semodule -i /usr/share/selinux/targeted/http_lnk_exec.pp $ echo $? 0 Everything seems OK, but : $ semodule -l aisexec 1.0.0 amavis 1.1.0 ccs 1.0.0 clamav 1.1.0 clogd 1.0.0 dcc 1.1.0 dnsmasq 1.1.1 evolution 1.1.0 ipsec 1.4.0 iscsid 1.0.0 local 1.0 milter 1.0.0 mozilla 1.1.0 mplayer 1.1.0 nagios 1.1.0 oddjob 1.0.1 pcscd 1.0.0 postgrey1.1.0 prelude 1.0.0 pyzor 1.1.0 qemu1.1.2 razor 1.1.0 rgmanager 1.0.0 rhcs1.1.0 ricci 1.0.0 smartmon1.1.0 spamassassin1.9.0 vhostmd 1.0.0 virt1.2.1 zosremote 1.0.0 My module is not listed, and testing shows that the new rule in not used : $ audit2why < /var/log/audit/audit.log | grep AVC type=AVC msg=audit(1295337185.859:297): avc: denied { read } for pid=1854 comm="httpd" name="post-commit" dev=sda3 ino=295635 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=lnk_file > I am not sure what > > checkmodule -b foo.pp > > will do. Without "-o", it is supposed to check the syntax of foo.pp. It is the only explanation I can get on why "semodule -i" fails in my case. Any other suggestion ? I am completely stuck... -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] SELinux : semodule_package, magic number does not match
Hello, I am trying to create a custom policy, but with no succes : $ cat < foo.te module local 1.0; require { type httpd_sys_script_exec_t; type httpd_sys_script_t; class lnk_file read; } #= httpd_sys_script_t == allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read; EOF $ checkmodule -M -m -o foo.mod foo.te checkmodule: loading policy configuration from foo.te checkmodule: policy configuration loaded checkmodule: writing binary representation (version 6) to foo.mod $ semodule_package -o foo.pp -m foo.mod $ echo $? 0 # So far, so good. But : $ checkmodule -b foo.pp checkmodule: loading policy configuration from foo.pp libsepol.policydb_read: policydb magic number 0xf97cff8f does not match expected magic number 0xf97cff8c or 0xf97cff8d checkmodule: error(s) encountered while parsing configuration # And trying to "semodule -i foo.pp" fails completely. So here come my questions : - is there a boolean to allow httpd to execute a script "symlinked" ? (scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=lnk_file) - can someone reproduce the error described above ? - any clue on how to fix it ? (For the curious one : I am fighting svn hooks on a filesystem mounted "-o noexec".) Additional infos : $ rpm -qa 'kernel*' '*selinux*' kernel-2.6.18-194.26.1.el5 kernel-2.6.18-194.32.1.el5 kernel-devel-2.6.18-194.26.1.el5 kernel-devel-2.6.18-194.32.1.el5 kernel-headers-2.6.18-194.32.1.el5 libselinux-1.33.4-5.5.el5 libselinux-devel-1.33.4-5.5.el5 libselinux-python-1.33.4-5.5.el5 libselinux-utils-1.33.4-5.5.el5 selinux-policy-2.4.6-279.el5_5.2 selinux-policy-devel-2.4.6-279.el5_5.2 selinux-policy-targeted-2.4.6-279.el5_5.2 $ uname -a Linux despina 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010 x86_64 x86_64 x86_64 GNU/Linux Thanks, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] httpd and selinux
Hello, Running httpd-2.2.3-43.el5.centos.3 on CentOS release 5.5 (Final), I have : $ ps -Ze LABEL PID TTY TIME CMD user_u:system_r:httpd_t 12833 ?00:00:00 httpd Is it normal for httpd to have this context (user_u:system_r:httpd_t) ? I was expecting system_u:system_r:httpd_t. And if it is not normal, is it because I have restarted httpd by hand (service httpd restart), or because I have broken something in my configuration ? Thanks, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 5.5: what do /etc/sysconfig/networking and /etc/sysconfig/network-scripts exactly ?
Le mer 24 nov 2010 00:22:36 CET, John R Pierce a écrit: > On 11/24/10 12:14 AM, giggzounet wrote: > > Hi, > > > > on our cluster we have 5 network interfaces. I was surprised to discover > > that the ifcfd-* files under /etc/sysconfig/networking and > > /etc/sysconfig/network-scripts were not the same. So I have searched a > > little bit, but I'm now confused: > > > > - the files under /etc/sysconfig/networking come from system-config-network. > > - the files under /etc/sysconfig/network-scripts are read by the > > /etc/init.d/network script and used to set up the network interfaces. > > - I don't find where the files under /etc/sysconfig/networking are used. > > - Does system-config-network modify the file under > > /etc/sysconfig/network-scripts too ? > > > > Is there someone who can enlightenment me ? > > take a look at /etc/rc.d/init.d/network > > thats the script that runs all that other stuff to fire up all the > networking interfaces defined. > > its moderately complicated. Or easier : /usr/share/doc/initscripts-*/sysconfig.txt -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] i can't install centos on my poweredge 2950
Le Mon, 23 Aug 2010 14:08:17 +0200, Eric Doutreleau a écrit : > hi > > i m trying to install centos5 on my poweredge 2950 with no luck. > the raid controler is > LSI Logic / Symbios Logic MegaRAID SAS 1078 (rev 04) I don't know for a 2950, but for a PE 1950 I have : alias scsi_hostadapter megaraid_mbox in /etc/modprobe.conf, and : $ modinfo megaraid_mbox filename: /lib/modules/2.6.18-194.11.1.el5/kernel/drivers/scsi/megaraid/megaraid_mbox.ko version:2.20.5.1 license:GPL description:LSI Logic MegaRAID Mailbox Driver $ rpm -qf /lib/modules/2.6.18-194.11.1.el5/kernel/drivers/scsi/megaraid/megaraid_mbox.ko kernel-2.6.18-194.11.1.el5 Good luck, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] [Solved] was: grub, initrd and Co
OK, I still don't understand what exactly went wrong, but my system boot nicely now. I think the problem was here : > Trying to resume from /dev/hda3 > No suspend signature on swap, not resuming. > Creating root device. > Mounting root filesystem. > mount: error mounting /dev/root on /sysroot as auto: No such device This is because, when I ran mkinitrd, /etc/fstab was reading: /dev/hda1 / autodefaults 1 1 instead of : /dev/hda1 / ext3defaults 1 1 I am not really sure this was the problem, and can only suppose that the support for ext3 was missing in the initrd.img (ext3 as a module, they are crazy ;-), but I re-ran mkinitrd after editing fstab and voila. Thanks to all of you for your answers ! -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] grub, initrd and Co
Le Tue, 08 Jun 2010 14:30:40 +0200, Mogens Kjaer a écrit : > On 06/08/2010 02:13 PM, Philippe Naudin wrote: > ... > >>> mount: error mounting /dev/root on /sysroot as auto: No such device > ... > > Any idea ? > > /etc/fstab looks good; now what's in your /boot/grub/grub.conf file? # cat /mnt/linux/etc/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You do not have a /boot partition. This means that # all kernel and initrd paths are relative to /, eg. # root (hd0,0) # kernel /boot/vmlinuz-version ro root=/dev/hda1 # initrd /boot/initrd-version.img #boot=/dev/hda default=0 timeout=5 splashimage=(hd0,0)/boot/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.18-194.3.1.el5) root (hd0,0) kernel /boot/vmlinuz-2.6.18-194.3.1.el5 ro root=/dev/hda1 initrd /boot/initrd-2.6.18-194.3.1.el5.img > > BTW, if you boot in rescue mode from the installation DVD/CD, does > it automatically mount everything? Yes, including swap, and dmesg doesn't report any errors. I chrooted to /mnt/sysimage and tried grub-install /dev/hda1 : Installation finished. No error reported. (hd0) /dev/hda ... but no better result after a reboot (exactly the same messages). My bet is : grub is ok, initrd maybe, but something else is missing (udev ? selinux is disabled). Cheers, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] grub, initrd and Co
Le Tue, 08 Jun 2010 13:42:44 +0200, Mogens Kjaer a écrit : > On 06/08/2010 01:26 PM, Philippe Naudin wrote: > ... > > mount: error mounting /dev/root on /sysroot as auto: No such device > ... > > I have certainly forgotten something, but I am unable to find what... > > What is the exact contents of your /etc/fstab file? > > Mogens > Please excuse the long lines below : # cat /mnt/linux/etc/fstab /dev/hda1 / ext3defaults1 1 tmpfs /dev/shmtmpfs defaults0 0 devpts /dev/ptsdevpts gid=5,mode=620 0 0 sysfs /syssysfs defaults0 0 proc/proc procdefaults0 0 /dev/hda3 swapswapdefaults0 0 /dev/hda5 /var/spool/squid/cache1 ext3 defaults,noatime,nodev,noexec 1 2 /dev/hda6 /var/spool/squid/cache2 ext3 defaults,noatime,nodev,noexec 1 2 /dev/hdc/mnt/cdrom autonoauto,owner,user,ro 0 0 ... and the partition table is : # fdisk -l Disk /dev/hda: 81.9 GB, 81964302336 bytes 16 heads, 63 sectors/track, 158816 cylinders Units = cylinders of 1008 * 512 = 516096 bytes Disk identifier: 0x44018339 Device Boot Start End Blocks Id System /dev/hda1 13969 2000344+ 83 Linux /dev/hda239707938 2000376 83 Linux /dev/hda37939 11907 2000376 82 Linux swap / Solaris /dev/hda4 11908 158816740421365 Extended /dev/hda5 11908 317491336+ 83 Linux /dev/hda6 31750 515911336+ 83 Linux Any idea ? Cheers, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] grub, initrd and Co
Hi all, I am trying to boot from a HD created as a copy of a running system (and it doesn't work, and I don't understand why ...) This is the system to be copied : File-systemSize Used Avail Use% Mounted on /dev/hda1 2.0G 797M 1.1G 43% / tmpfs 506M 0 506M 0% /dev/shm /dev/hda5 4.7G 3.3G 1.2G 74% /var/spool/squid/cache1 /dev/hda6 4.7G 3.3G 1.2G 74% /var/spool/squid/cache2 The backup of the system has been done with : /bin/tar czO -C / --preserve-permissions --sparse --one-file-system \ --exclude=lost+found --exclude=tmp/* \ . \ | /usr/bin/nc -w 5 my.workstation 6060 # ( after executing # netcat -l -p 6060 > $IMAGE on my.workstation ) On the target HD, I have created three "type 83" partitions and a swap, ran mke2fs -cc -j /dev/$D for the three FS and mkswap -c /dev/$D for the future swap. The target root FS was restored with : tar xzpf $IMAGE -C /mnt/linux On the target root FS, I edited /etc/fstab and /etc/grub.conf, replacing any reference to LABEL=... by the real device (/dev/hda1 and so on). Then I took care of the initrd (future / is mounted on /mnt/linux/) : mount -o bind /dev /mnt/linux/dev mount -t proc none /mnt/linux/proc mount -t sysfs none /mnt/linux/sys rm /mnt/linux/boot/initrd* chroot /mnt/linux mkinitrd /boot/initrd-2.6.18-194.3.1.el5.img 2.6.18-194.3.1.el5 # so far, so good... ... and installed grub on the target HD : /sbin/grub --no-curses find /boot/grub/stage1 # answer : (hd0,0) root (hd0,0) setup (hd0) # answer : succeeded quit exit # (chroot) When I try to boot the target HD (set as hda in a new PC), I get the grub prompt, and I can boot the system. Every thing goes too quickly, so I can't see what is going on, until : ... Trying to resume from /dev/hda3 No suspend signature on swap, not resuming. Creating root device. Mounting root filesystem. mount: error mounting /dev/root on /sysroot as auto: No such device Setting up other filesystems. Setting up new root fs setuproot: moving /dev/failed: No such file or directory no fstab.sys, mounting internal defaults Then it complains about missing /proc and /sys, and end with : switchroot: mount failed: No such file or directory Kernel panic - not syncing: Attempted to kill init! /dev/hda3 is the swap partition on the new disk. The swap was in /dev/hda2 on the old disk, but fstab has been modified accordingly ; other FS are just like on the old disk (I mean, / is hda1, cache1 is hda5 and cache2 is hda6). I have certainly forgotten something, but I am unable to find what... Who can help me ? Thanks, -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Not firewall, but what?
Le Fri, 7 May 2010 09:01:17 +0100, "Simon Billis" a écrit : > Can you confirm the routing on the two boxes - is there anything different? > I would also check the routing on the upstream routers - it is possible that > one of your ingress/egress routers has a static entry that is causing > issues. I would check all the routers that are inside the 62.236.0.0/15 > subnet (BGP thinks that these addresses are part of that subnet). $ traceroute -T 62.236.221.71 traceroute to 62.236.221.71 (62.236.221.71), 30 hops max, 40 byte packets 1 cc-campus.supagro.inra.fr (147.99.0.20) 0.231 ms 0.186 ms 0.185 ms 2 cc-dmz1.supagro.inra.fr (147.99.75.1) 0.406 ms 0.392 ms 0.373 ms 3 (195.220.89.181) 22.530 ms 22.517 ms 22.843 ms 4 193.51.241.145 (193.51.241.145) 6.910 ms 6.806 ms 7.637 ms 5 * * * 6 te1-2-marseille-rtr-021.noc.renater.fr (193.51.189.21) 9.527 ms 9.756 ms 9.976 ms 7 te0-0-0-0-lyon1-rtr-001.noc.renater.fr (193.51.189.17) 10.801 ms 10.786 ms 10.767 ms 8 xe-8-0-0.edge5.Paris1.Level3.net (212.73.207.173) 18.686 ms 17.010 ms 16.981 ms 9 ae-33-51.ebr1.Paris1.Level3.net (4.69.139.193) 16.548 ms 20.324 ms 20.076 ms 10 ae-47-47.ebr1.London1.Level3.net (4.69.143.109) 22.232 ms ae-48-48.ebr1.London1.Level3.net (4.69.143.113) 22.659 ms 22.723 ms 11 ae-1-51.edge3.London1.Level3.net (4.69.139.73) 22.949 ms 22.260 ms 22.547 ms 12 tdcdenmark-level3-xe.london1.Level3.net (4.68.63.90) 22.949 ms 22.611 ms 22.695 ms 13 atm1-0-5.psl-gw3.hel.fi.ip.tdc.net (62.236.1.26) 55.654 ms 55.624 ms 55.806 ms 14 proequal-cpe1.hel.fi.sn.net (62.236.27.110) 70.389 ms 71.992 ms 69.084 ms 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * $ traceroute -T 62.236.221.78 traceroute to 62.236.221.78 (62.236.221.78), 30 hops max, 40 byte packets 1 cc-campus.supagro.inra.fr (147.99.0.20) 0.256 ms 0.185 ms 0.182 ms 2 cc-dmz1.supagro.inra.fr (147.99.75.1) 0.283 ms 0.267 ms 0.256 ms 3 (195.220.89.181) 1150.194 ms 1150.189 ms 1150.165 ms 4 193.51.241.145 (193.51.241.145) 1.050 ms 0.947 ms 0.910 ms 5 * * * 6 te1-2-marseille-rtr-021.noc.renater.fr (193.51.189.21) 8.441 ms 8.389 ms 8.646 ms 7 te0-0-0-0-lyon1-rtr-001.noc.renater.fr (193.51.189.17) 10.117 ms 10.090 ms 10.065 ms 8 xe-8-0-0.edge5.Paris1.Level3.net (212.73.207.173) 15.203 ms 17.176 ms 17.279 ms 9 ae-33-51.ebr1.Paris1.Level3.net (4.69.139.193) 17.261 ms 15.151 ms 15.124 ms 10 ae-47-47.ebr1.London1.Level3.net (4.69.143.109) 22.346 ms ae-48-48.ebr1.London1.Level3.net (4.69.143.113) 22.200 ms 22.164 ms 11 ae-1-51.edge3.London1.Level3.net (4.69.139.73) 22.625 ms 22.504 ms 22.582 ms 12 tdcdenmark-level3-xe.london1.Level3.net (4.68.63.90) 22.247 ms 22.714 ms 22.815 ms 13 atm1-0-5.psl-gw3.hel.fi.ip.tdc.net (62.236.1.26) 55.513 ms 55.065 ms 55.150 ms 14 proequal-cpe1.hel.fi.sn.net (62.236.27.110) 60.118 ms 60.908 ms 60.062 ms 15 ns2.greenspot.fi (62.236.221.78) 62.618 ms 63.832 ms 64.659 ms -- Philippe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Not firewall, but what?
Le Fri, 07 May 2010 07:38:45 +0300, Jussi Hirvi a écrit : > ... > You could test yourself if you can see > http://62.236.221.71 (the problem system) > http://62.236.221.78 (another guest on the same xen host) > > If someone *cannot* see the 1st one, then it would be interesting to > know if (s)he can see the 2nd one or not. It is the case from 147.99.7.1, and not only for port 80 : $ ping -c 10 62.236.221.71 PING 62.236.221.71 (62.236.221.71) 56(84) bytes of data. --- 62.236.221.71 ping statistics --- 10 packets transmitted, 0 received, 100% packet loss, time 8998ms $ ping -c 1 62.236.221.78 PING 62.236.221.78 (62.236.221.78) 56(84) bytes of data. 64 bytes from 62.236.221.78: icmp_seq=1 ttl=46 time=58.9 ms --- 62.236.221.78 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 58.975/58.975/58.975/0.000 ms -- Philippe Naudin ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos